Re: Tinydns - cache poisoning?

To: Stephen Vaughan <stephenvaughan@gmail.com>
Cc: debian-security@lists.debian.org
Subject: Re: Tinydns - cache poisoning?
From: John Allen <john.allen@dublinux.net>
Date: Wed, 30 Jul 2008 12:28:20 +0100
Message-id: <48905054.6000201@dublinux.net>
In-reply-to: <389c58c40807292147h27ab8f4ge3c349e9dd310c08@mail.gmail.com>
References: <389c58c40807292147h27ab8f4ge3c349e9dd310c08@mail.gmail.com>

Stephen Vaughan wrote:

Hi,
Does anyone know if TinyDNS is vulnerable to the dns cache poisoningexploit? I run tinydns servers, I ran the test below and it came backas POOR.
mh1:~# dig +short @ns1.example.com <http://ns1.example.com>porttest.dns-oarc.net <http://porttest.dns-oarc.net> TXTz.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net<http://z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net>."1.2.3.4 <http://1.2.3.4> is POOR: 26 queries in 4.4 seconds from 1ports with std dev 0.00"

This is all very odd. It looks like you are resolving ns1.example.com to1.2.3.4 which is a POOR DNS server.

--
Best Regards,
Stephen

Reply to:

References:
- Tinydns - cache poisoning?
  - From: "Stephen Vaughan" <stephenvaughan@gmail.com>

Prev by Date: snort-stat warnings
Next by Date: Re: snort-stat warnings
Previous by thread: Re: Tinydns - cache poisoning?
Next by thread: snort-stat warnings
Index(es):
- Date
- Thread